Submitted URL: http://rr-edu.com/2KOOcyJJYZ5d
Effective URL: http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
Submission: On September 29 via manual from US

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 7 HTTP transactions. The main IP is 23.250.10.112, located in Stoney Creek, Canada and belongs to SERVER-MANIA, CA. The main domain is perkscat.com.
This is the only time perkscat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS     Autonomous System
2         2606:4700:303...   13335  CLOUDFLAR...
1         2001:4de0:ac1...   20446  HIGHWINDS3
2         23.250.10.112      55286  SERVER-MANIA
1         2a00:1450:400...   15169  GOOGLE
1 2       34.102.231.170     15169  GOOGLE
Total: 7 requests, 5 IPs

Requests  Domain                     Requested by
2         www.lgljmp.com (1 redirect)  perkscat.com
2         perkscat.com               rr-edu.com, perkscat.com
2         rr-edu.com                 code.jquery.com
1         www.googletagmanager.com   perkscat.com
1         code.jquery.com            rr-edu.com
Total: 7 requests, 5 domains

This site contains no links.

Subject                 Issuer                                      Validity                  Valid
*.google-analytics.com  GTS CA 1O1                                  2020-09-03 - 2020-11-26   3 months
lgljmp.com              Go Daddy Secure Certificate Authority - G2  2019-11-19 - 2021-01-18   a year

This page contains 1 frame:

Frame: https://www.lgljmp.com/2XL7R2S/8ZK7GQ/?__rpt=0&__po=160&__ptid=dca211b015714898a6be38f4a47e7e4e&__rpa=0&__rc=1&sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4=&sub5=&source_id=&__pcd=9
Frame ID: 9E4335E99AF35F1002B753FF7A320D77
Requests: 7 HTTP requests in this frame

Detected technologies

Cloudflare (overall confidence: 100%)
Detected patterns
  • headers server /^cloudflare$/i

Google Tag Manager (overall confidence: 100%)
Detected patterns
  • html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

Requests:    7
HTTPS:       29 %
IPv6:        60 %
Domains:     5
Subdomains:  5
IPs:         5
Countries:   4
Transfer:    66 kB
Size:        166 kB
Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://rr-edu.com/2KOOcyJJYZ5d Page URL
  2. http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://www.lgljmp.com/2XL7R2S/8X6BQ5/?sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4= HTTP 302
  • https://www.lgljmp.com/2XL7R2S/8ZK7GQ/?__rpt=0&__po=160&__ptid=dca211b015714898a6be38f4a47e7e4e&__rpa=0&__rc=1&sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4=&sub5=&source_id=&__pcd=9

7 HTTP transactions

Each transaction below lists Resource, Path, Size, x-fer (bytes transferred on the wire) and Type, followed by its request and response headers.

Resource: 2KOOcyJJYZ5d (Cookie set)  Path: rr-edu.com/  Size: 2 KB  x-fer: 1 KB  Type: Document
General
Full URL
http://rr-edu.com/2KOOcyJJYZ5d
Protocol
HTTP/1.1
Server
2606:4700:3031::681b:94d8, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
6d6de9ea738ae81311042dcd825b0acc8a61e800ac0c1ee2713731c96620a49a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Host
rr-edu.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 29 Sep 2020 13:46:07 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d2e1d22c2531fe2615fba5acb39bf86df1601387164; expires=Thu, 29-Oct-20 13:46:04 GMT; path=/; domain=.rr-edu.com; HttpOnly; SameSite=Lax
a=116406; expires=Wed, 29-Sep-2021 13:46:07 GMT; Max-Age=31536000; Path=/
t=2KOOcyJJYZ5d; expires=Wed, 29-Sep-2021 13:46:07 GMT; Max-Age=31536000; Path=/
X-Frame-Options
SAMEORIGIN
CF-Cache-Status
DYNAMIC
cf-request-id
057bb60d0700001756533b4200000001
Server
cloudflare
CF-RAY
5da625f4dcd51756-FRA
Content-Encoding
gzip
Resource: jquery-1.11.3.min.js  Path: code.jquery.com/  Size: 94 KB  x-fer: 33 KB  Type: Script
General
Full URL
http://code.jquery.com/jquery-1.11.3.min.js
Requested by
Host: rr-edu.com
URL: http://rr-edu.com/2KOOcyJJYZ5d
Protocol
HTTP/1.1
Server
2001:4de0:ac19::1:b:2a, Netherlands, ASN20446 (HIGHWINDS3, US)
Reverse DNS
Software
nginx /
Resource Hash
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

Referer
http://rr-edu.com/2KOOcyJJYZ5d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 29 Sep 2020 13:46:07 GMT
Content-Encoding
gzip
Last-Modified
Tue, 28 Apr 2015 16:20:58 GMT
Server
nginx
ETag
W/"553fb36a-176d5"
Vary
Accept-Encoding
X-HW
1601387167.dop219.fr8.t,1601387167.cds127.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
33261
Resource: /  Path: rr-edu.com/ajax_post/  Size: 66 B  x-fer: 426 B  Type: XHR
General
Full URL
http://rr-edu.com/ajax_post/
Requested by
Host: code.jquery.com
URL: http://code.jquery.com/jquery-1.11.3.min.js
Protocol
HTTP/1.1
Server
2606:4700:3031::681b:94d8, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
http://rr-edu.com/2KOOcyJJYZ5d
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 29 Sep 2020 13:46:09 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
5da62604aed01756-FRA
cf-request-id
057bb616e50000175653068200000001
Resource: / (Primary Request)  Path: perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/  Size: 5 KB  x-fer: 5 KB  Type: Document
General
Full URL
http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
Requested by
Host: rr-edu.com
URL: http://rr-edu.com/2KOOcyJJYZ5d
Protocol
HTTP/1.1
Server
23.250.10.112, Stoney Creek, Canada, ASN55286 (SERVER-MANIA, CA)
Reverse DNS
Software
nginx /
Resource Hash
7d5611cbb7a80dfa6e6b0ecc74f025cd4cfa738b50196dc0991ad253f851893c

Request headers

Host
perkscat.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://rr-edu.com/2KOOcyJJYZ5d
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://rr-edu.com/2KOOcyJJYZ5d

Response headers

Server
nginx
Date
Tue, 29 Sep 2020 13:50:34 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Resource: gtm.js  Path: www.googletagmanager.com/  Size: 65 KB  x-fer: 26 KB  Type: Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NXNQ2LW
Requested by
Host: perkscat.com
URL: http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:809::2008, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ec0d3b719438023d9b2ac94489db0f4a6ac83e0e57ab46f0243fd39e1e6b0bb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 13:46:09 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26258
x-xss-protection
0
last-modified
Tue, 29 Sep 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 29 Sep 2020 13:46:09 GMT
Resource: index.php  Path: perkscat.com/  Size: 229 B  x-fer: 403 B  Type: XHR
General
Full URL
http://perkscat.com/index.php
Requested by
Host: perkscat.com
URL: http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
Protocol
HTTP/1.1
Server
23.250.10.112, Stoney Creek, Canada, ASN55286 (SERVER-MANIA, CA)
Reverse DNS
Software
nginx /
Resource Hash
5650b2b04c53821776f80311139bd2b9691f7156d316dd0de869302d31646498

Request headers

Referer
http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Tue, 29 Sep 2020 13:50:35 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Resource: /  Path: www.lgljmp.com/2XL7R2S/8ZK7GQ/  Size: 0  x-fer: 0  Type: Document
Redirect Chain
  • https://www.lgljmp.com/2XL7R2S/8X6BQ5/?sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4=
  • https://www.lgljmp.com/2XL7R2S/8ZK7GQ/?__rpt=0&__po=160&__ptid=dca211b015714898a6be38f4a47e7e4e&__rpa=0&__rc=1&sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4=&sub5=&source_id=&__...
General
Full URL
https://www.lgljmp.com/2XL7R2S/8ZK7GQ/?__rpt=0&__po=160&__ptid=dca211b015714898a6be38f4a47e7e4e&__rpa=0&__rc=1&sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4=&sub5=&source_id=&__pcd=9
Requested by
Host: perkscat.com
URL: http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.102.231.170, United States, ASN15169 (GOOGLE, US)
Reverse DNS
170.231.102.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
www.lgljmp.com
:scheme
https
:path
/2XL7R2S/8ZK7GQ/?__rpt=0&__po=160&__ptid=dca211b015714898a6be38f4a47e7e4e&__rpa=0&__rc=1&sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4=&sub5=&source_id=&__pcd=9
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
uniqueClick_8X6BQ5=814b7d5c-adae-4451-a1c8-78b586424cd3:1601387170
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://perkscat.com/a95cd37924f6a83d75cc21c1b512d8a65/?sid3=116406

Response headers

status
204
server
nginx
date
Tue, 29 Sep 2020 13:46:10 GMT
vary
Origin
x-eflow-request-id
ac134c6b-dce0-461e-bb64-1de277c552ad
via
1.1 google
alt-svc
clear

Redirect headers

status
302
server
nginx
date
Tue, 29 Sep 2020 13:46:10 GMT
content-type
text/html; charset=utf-8
content-length
269
location
https://www.lgljmp.com/2XL7R2S/8ZK7GQ/?__rpt=0&__po=160&__ptid=dca211b015714898a6be38f4a47e7e4e&__rpa=0&__rc=1&sub1=101113&sub2=5511d92675fd4413a02d0e30e9630a19&sub3=27127&sub4=&sub5=&source_id=&__pcd=9
set-cookie
uniqueClick_8X6BQ5=814b7d5c-adae-4451-a1c8-78b586424cd3:1601387170; Path=/; Expires=Thu, 29 Oct 2020 13:46:10 GMT; Secure; SameSite=None
vary
Origin
x-eflow-request-id
5ebb8fd1-41d1-4ffa-92a1-e20d672f5bf3
via
1.1 google
alt-svc
clear

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    trustedTypes
  • object    dataLayer
  • function  isTouchDevice
  • boolean   errFirefox
  • object    var_params
  • string    na
  • function  get_ad_block
  • function  emulate_device_support
  • object    http
  • string    _timezone
  • string    url
  • object    params
  • object    google_tag_manager

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN